[57] ABSTRACT

An apparatus and method for determining the topology of a computer network including data-relay devices and node devices, based on a comparison of source addresses heard by the various data-relay devices. A source address table is compiled for each port of each data-relay device, and for each select pair of ports the addresses in the source tables are compared to determine whether there is an intersection of heard devices. In order to account for directed transmissions which are not heard at every port, further comparison is made of all of the other ports of the device, eliminating the ports for which the intersection is the empty set. From the determined connections, a topology of the network is graphed showing direct and transitive connections. In cases where there is both a direct and transitive connection, the redundant direct connection is eliminated.

29 Claims, 9 Drawing Sheets
APPARATUS AND METHOD FOR DETERMINING A COMPUTER NETWORK TOPOLOGY

CROSS REFERENCE TO RELATED APPLICATION

This application is a continuation of application Ser. No. 08/115,232, filed Sep. 1, 1993, now abandoned, which is a continuation-in-part of and commonly assigned U.S. Ser. No. 07/583,509 filed Sep. 17, 1990 entitled "NETWORK MANAGEMENT SYSTEM USING MODEL-BASED INTELLIGENCE" by R. Dev et al. now abandoned.

FIELD OF THE INVENTION

This invention relates to a [illegible] topology of a computer [illegible] devices and node devices, the topology being determined based on a comparison of source addresses "heard" by the various data-relay devices.

BACKGROUND OF THE INVENTION

Computer networks are widely used to provide increased computing power, sharing of resources and communication between users. Computer systems and computer system components are interconnected to form a network. Networks may include a number of computer devices within a room, building or site that are interconnected by a high speed local data link such as local area network (LAN), token ring, Ethernet, or the like. Local networks in different locations may be interconnected by techniques such as packet switching, microwave links and satellite links to form a world-wide network. A network may include several hundred or more interconnected devices.

In computer networks, a number of issues arise, including traffic overload on parts of the network, optimum placement of resources, security, isolation of network faults, and the like. These issues become more complex and difficult as networks become larger and more complex. For example, if a network device [illegible] be difficult to determine whether the fault is in the network device itself, the data communication link or an intermediate network device between the sending and receiving network devices.

Network management systems have been utilized in the past in attempts to address such issues. Prior art network management systems typically operated by remote access to and monitoring of information from network devices. The network management system collected large volumes of information which required evaluation by a network administrator. Prior art network management systems place a tremendous burden on the network administrator. He/she must be a networking expert in order to understand the implications of a change in a network device parameter. The administrator must also understand the topology of each section of the network in order to understand what may have caused the change. In addition, the administrator must sift through reams of information and false alarms in order to determine the cause of a problem.

An important aspect of any network management system is its ability to accurately represent interactions within the network and between network devices. Toward this end it is crucial that any network management system be provided with some means to determine the topology of the network.

It is a general object of the present invention to provide a method and apparatus for determining the topology of a computer network, which information may be used in managing the network.

It is another object of the present invention to provide an apparatus and method which utilizes lists of source addresses "heard" by each port of a data-relay device (e.g., a bridge) and compares the same to addresses heard by other devices, in order to determine the topology of the network.

It is a further object of the present invention to provide an apparatus and method for determining connections which are not directly "heard" due to a directed transmission, but which connection can be determined by inference from the addresses heard by other ports of the data-relay device.

It is yet another object of the present invention to provide an apparatus and method which determines both transitive and direct connections between data-relay devices and for which redundant direct connections are eliminated to pro[illegible]

SUMMARY OF THE INVENTION

According to the present invention, these and other objects and advantages are achieved in a method and apparatus for determining a network topology.

According to the method of the present invention, a list of network addresses "heard" by each port of a data-relay device, such as a bridge, is compiled for each data-relay device in a computer network. The network includes a plurality of data-relay devices and node devices interconnected by a data bus. The node devices (e.g., work stations or disk units) transmit data on the bus via data packets which include a source address. The data-relay devices also transmit their own source address with replies sent to the network management system. Each of the data-relay devices acquires and maintains a source [illegible] addresses heard by each port of the data-relay device. These [illegible] to determine whether there is a direct or transitive connection between select ports on different data-relay devices and the resulting [illegible] to define a [illegible] showing the interconnections between the devices in the network.

More specifically, if a port X_i (on data-relay device X) hears another data-relay device Y, we know that there is at least a transitive (if not a direct) connection between some port Y_j and X_i. If there is a port Y_j that hears X, then we can conclude that X_i is connected to Y_j.

Due to directed transmissions, there will not always be a port Y_j that hears X. In this case, another method is used to determine which port of Y is connected to X_i. The correct port is found by excluding all ports that cannot be connected to port X_i.

More specifically, a node device z that is not in the set of addresses heard by X_i must be in some set X_q where q does not equal i. If port Y_j is connected to port X_i, then z must be in set Y_j and in no other set Y_r such that r does not equal j. Thus, to determine which port of Y is connected to port X_i, we test each port of Y against the other ports of X, eliminating the ports of Y for which the intersection is the empty set. If enough of the sets X_q and Y_r are empty, there may be no ports remaining and the technique fails. Otherwise, one is left with one port Y_r which is the port that is connected to X_i.

If the above methods are applied to each data-relay port in the network, one can then graph the interconnections between data-relay devices to define the network topology. As a final step, redundant connections are detected by
checking each direct connection for the existence of a transitive connection between the same ports. If such a transitive connection exists, then the direct connection is redundant and is eliminated.

The apparatus of the present invention is a system for use with a digital computer network and preferably with a network management system. In a preferred embodiment the network management system includes a virtual network having models representing network devices, each model containing network data relating to the corresponding network device and means for processing the network data to provide user information. The system includes means for transferring network data from the network devices to the corresponding models, and means for supplying user information from the virtual network to a user. Thus, a model of each data-relay device includes as network data a list of source addresses heard by each port of the data-relay device and the processing means are inference handlers which compare the sets of addresses of the various data-relay devices to determine the topology of the computer network. There are means for updating the network data, e.g., by polling the network entities. The determined network topology is used by the management system for controlling traffic on the network, optimizing network resources, security, isolation of network faults, and the like. In addition, the determined topology may be provided to the user by a video display unit connected to the computer.

These and other advantages of the present invention will be further defined by the following drawings and detailed description.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic diagram showing an example of a network;

FIG. 2 is a schematic diagram showing the partition imposed by data-relay device A in the network of FIG. 1;

FIG. 3 is a schematic diagram showing the partition imposed by data-relay device B in the network of FIG. 1;

FIG. 4 is a schematic diagram showing the partition imposed by data-relay device C in the network of FIG. 1;

FIG. 5 is a schematic diagram showing the combined partitions of the data-relay devices A, B and C in the network of FIG. 1;

FIG. 6 is a schematic diagram showing trial connections between the data-relay devices of the network of FIG. 1, determined according to the present invention;

FIG. 7a is a schematic diagram showing the final connections between the data-relay devices in the network of FIG. 1, determined according to the present invention, and FIG. 7b is the same as FIG. 7a but further includes the node devices between the data-relay devices;

FIG. 8 shows an example of the source address tables for each port of the data-relay devices in the network of FIG. 1;

FIG. 9 is a flow chart showing a method of determining a connection between data-relay devices according to the present invention;

FIG. 10 is a flow chart showing a further method of determining connections between data-relay devices according to the present invention;

FIG. 11a is a flow chart showing a method of making the trial connections and final connections (see FIGS. 6-7) according to the present invention to determine the topology of the network of FIG. 1; FIGS. 11b and 11c are schematic diagrams showing the elimination of redundant connections in two sample networks;

FIG. 12 is a block diagram of a network management system which may utilize the present invention;

FIG. 13 is a block diagram showing an example of a network connected to the network management system of FIG. 12; and

FIG. 14 is a schematic diagram showing the structure of models and the relations between models in the network management system of FIG. 13 which utilizes the present invention.

DETAILED DESCRIPTION

The present invention is an apparatus and method for determining the topology of a computer network consisting of data-relay [illegible] be computed automatically by obtaining and processing information from the network devices.

A data-relay device is a network element that provides electrical and/or logical isolation of local area network segments. A data-relay device forwards network packets from one port of the device to other ports of the device, amplifying and re-timing the electrical signals to (a) increase the maximum cable length, (b) increase the number of permissible nodes on the network, and/or (c) increase the number of network segments. Examples of data-relay devices include bridges, repeaters, hubs and the like. Bridges are defined in IEEE 802.1(d) specification, and [illegible] the above storage and forward mechanism with packet filtering, to reduce the network load. Hubs are bridges but forward all traffic without filtering. For use in this invention, the hub must be an "intelligent" hub with a source address table for network as described below.

In accordance with this invention, each data-relay device has a source address table, which is a list of network addresses heard by each port of the device. When a network node transmits a packet the source address of the transmitting device is included in the packet; when the packet is received by the data-relay device, the source address is stored in the source address table, along with the port that the packet was received on.

Entries in the source address table are usually "aged," so that an entry exists in the table for a finite period of time unless refreshed by another packet being received from the same source address on the same port. This maintains the currency of the table, since a device which is physically removed from the network will eventually disappear from the source address table.

If a node device on the network has not yet transmitted a packet, i.e., an inactive node, the data-relay device will not receive a packet from that node for entry on the source address table. However, this can be corrected for by periodically polling all of the node devices on the network to confirm the existence of all devices on the network.

In order to prevent loops in the network, and thus duplication of packets, data-relay devices must not be connected redundantly. Some devices, such as IEEE 802.1(d) compliant bridges, use a spanning tree algorithm to automatically detect and disable redundant devices.

In performing their primary function of packet forwarding, data-relay devices are essentially transparent to the network. They do not transmit packets with their own addresses. However, data-relay devices do transmit responses to network management requests with their own address in the source address field of the packet. This feature
is important to the computation of the network topology according to the present invention since, otherwise, the data-relay devices would not appear in each other's source address tables.

Some data-relay devices perform directed transmissions of management packets. Thus, instead of the management response being transmitted on all ports of the device, it is transmitted only on the port where the management request was received. This is usually evident in bridges where the management packet itself is subject to a filtering process. When a data-relay device uses directed transmission of management packets, the address of the device may or may not appear in the source address tables of other data-relay devices, depending on the relative placement of the data-relay devices and the management station. This fact is taken into account in accordance with the present invention when computing the network topology from the source address tables as described below.

In order to describe the operation of the present invention, a sample network is shown in FIG. 1. The network includes three data-relay devices, 10, 12 and 14, which have been identified as devices A, B and C, each with two numbered ports. The data-relay devices separate the network into three sections or partitions, with end-node devices d-k and management station m at various locations on the network. The partitions generated by devices A, B and C are shown in FIGS. 2, 3 and 4, respectively. The combination of partitions is shown in FIG. 5. In summary:

partition 9 includes node devices d, e and m connected to port 1 of data-relay device A;

partition 11 includes node devices f and g between port 2 of data-relay device A and port 1 of data-relay device C;

partition 13 includes node devices h and i between port 2 of data-relay device C and port 1 of data-relay device B; and

partition 15 includes node devices j and k connected to port 2 of data-relay device B.

The source address table for each data-relay device reflects the partitioning. Each port "hears" all the devices contained in its partition. Thus, the sets of devices heard by the various ports are:

A1=(d, e, m)

A2=(B, C, f, g, h, i, j, k)

C1=(A, d, e, m, f, g)

C2=(B, h, i, j, k)

B1=(A, d, e, m, f, g, h, i)

B2=(j, k)

The above address tables for each port are shown schematically in FIG. 8.

The data-relay devices may not be heard by other data-relay devices due to directed transmission of management packets. For example, note that B1 does not hear device C, since in this example C is directing its management traffic toward the management station m. However, since in this example A does not direct its management traffic, B1 does hear A.

A transitive connection is defined as a connection between two nodes that crosses one or more data-relay devices. For example, in FIG. 1 port A2 is transitively connected to port B1 via device C.

In contrast, a direct connection has no data-relay device intervening. Again, referring to FIG. 1, port A2 is directly connected to port C1.

A first method of the present invention for determining connections between the data-relay devices is illustrated by
the flow chart of FIG. 9, wherein the address tables for a pair of data-relay devices X and Y, such as devices A and C in FIG. 8, are examined. According to the method, if a port X_i hears another data-relay device Y (step 200), we know that there is at least a transitive (if not direct) connection between some port Y_j and X_i. If there is a port Y_j that hears X (step 202), then we can conclude that X_i is connected to Y_j (step 205). For example, C is an element of A2, and A is an element of C1, so A2 is connected to C1 (see boxes around relevant entries in the address tables of FIG. 8). If X_i does not hear Y then there is no connection between X_i and Y (step 201) and we advance to the next port on X (step 207). We repeat this process for every port on X (step 206), incrementing to the next port on X (step 207), and incrementing to the next data-relay device (step 208) when we reach the last port on X. Similarly, we repeat the process for every port on Y (step 203), incrementing to the next port on Y (step 204).

Due to directed transmissions, there will not always be a port Y_j that hears X. In this case, another method must be used to determine which port of Y is connected to X_i. We find the correct port by excluding all ports that cannot be connected to X_i. This method is illustrated in the flow chart of FIG. 10.

Thus a node device z that is not in the set X_i must be in some set X_q such that q does not equal i. If port Y_j is connected to port X_i, then z must be in the set Y_j, and in no other set Y_r such that r does not equal j. In other words, for all q not equal to i, there is some intersection of the sets X_q and Y_j if port X_i is connected to port Y_j. If there is no intersection between X_q and Y_r (i.e., the null set), then port X_i is not connected to port Y_r.

To determine which port of Y is connected to X_i, we test each port of Y against the other ports of X, eliminating the ports of Y for which the intersection is the empty set. Thus, in step 300 of FIG. 10, we consider whether Y_r hears X_q. If the answer is "yes," then there is a connection between X_i and Y_r (step 301). If the answer is "no," we check whether this is the last port on Y (step 302) and, if not, we increment to the next port on Y (step 303). After checking all of the ports of Y, if the intersection is the null set, then no connection can be determined between X_i and any port on Y (the method fails) (step 304).

If we apply the above methods of FIGS. 9 and 10 to each data-relay port in the network, one can graph the interconnections between the data-relay devices according to the trial connections shown in FIG. 6. Thus, the following direct connections are shown in FIG. 6:

connection 20 between port A2 and port C1;

connection 22 between port C2 and port B1; and

connection 24 between port A2 and port B1.

The connections, or edges between the two ports include both transitive connections as well as direct connections. If a transitive connection exists, then the direct connection is redundant and should be eliminated. For example, as shown in FIG. 7a, because there is a transitive connection between A2 and B1, the direct connection between A2 and B1 has been eliminated.
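
The FIG. 9 test, the FIG. 10 exclusion test and the removal of redundant direct connections, run over the six source address sets listed above for ports A1 through B2. This is an added example, not code from the patent; the function names, the (device, port) table layout, the alternating link/cross-device path search and the requirement that exactly one candidate port survive are assumptions of this example.

```python
"""Topology inference from per-port source address tables (added example)."""

# Source address sets as listed on the page; key = (device, port).
# Upper-case names are data-relay devices, lower-case names are node devices.
TABLES = {
    ("A", 1): {"d", "e", "m"},
    ("A", 2): {"B", "C", "f", "g", "h", "i", "j", "k"},
    ("C", 1): {"A", "d", "e", "m", "f", "g"},
    ("C", 2): {"B", "h", "i", "j", "k"},
    ("B", 1): {"A", "d", "e", "m", "f", "g", "h", "i"},
    ("B", 2): {"j", "k"},
}


def ports_of(tables, device):
    """All ports of one data-relay device, in a stable order."""
    return sorted(p for p in tables if p[0] == device)


def find_peer_port(tables, xi, y):
    """Port of relay y that connects to port xi (which hears y), or None."""
    x = xi[0]
    y_ports = ports_of(tables, y)
    # FIG. 9: a port Y_j that hears X settles the question directly.
    hearing = [yj for yj in y_ports if x in tables[yj]]
    if len(hearing) == 1:
        return hearing[0]
    # FIG. 10: Y did not hear X (directed transmission). Keep only the ports
    # Y_r whose set intersects every other port set X_q (q != i) of X.
    others = [tables[xq] for xq in ports_of(tables, x) if xq != xi]
    candidates = [yr for yr in y_ports if all(tables[yr] & xq for xq in others)]
    # Assumption: the method succeeds only when exactly one port remains.
    return candidates[0] if len(candidates) == 1 else None


def trial_connections(tables):
    """Undirected port-to-port trial connections (direct or transitive)."""
    relays = {device for device, _ in tables}
    edges = set()
    for xi, heard in tables.items():
        for y in sorted(heard & relays):
            yj = find_peer_port(tables, xi, y)
            if yj is not None:
                edges.add(frozenset((xi, yj)))
    return edges


def has_transitive_path(edges, tables, start, goal):
    """True if start reaches goal by link, cross a relay, link, ... at least once."""
    links = {}
    for edge in edges:
        a, b = tuple(edge)
        links.setdefault(a, set()).add(b)
        links.setdefault(b, set()).add(a)
    visited = {start}  # the "flag" set at each port already visited
    stack = [start]
    while stack:
        port = stack.pop()
        for far in links.get(port, ()):
            if port == start and far == goal:
                continue  # skip the direct connection under test
            # Cross the relay that owns `far` and leave by each other port.
            for out in ports_of(tables, far[0]):
                if out == far or out in visited:
                    continue
                if goal in links.get(out, ()):
                    return True
                visited.add(out)
                stack.append(out)
    return False


def final_connections(tables):
    """Trial connections minus those duplicated by a transitive path."""
    edges = trial_connections(tables)
    redundant = set()
    for edge in edges:
        a, b = sorted(edge)
        if has_transitive_path(edges, tables, a, b):
            redundant.add(edge)
    return edges - redundant


def label(edge):
    """Render an edge as 'A2-C1' for printing."""
    return "-".join(f"{dev}{port}" for dev, port in sorted(edge))


if __name__ == "__main__":
    print("trial:", sorted(label(e) for e in trial_connections(TABLES)))
    print("final:", sorted(label(e) for e in final_connections(TABLES)))
```

C2 hears B while no port of B hears C, so the C2 to B1 connection comes from the exclusion test: B2 shares no address with C1 and is eliminated, leaving B1.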
The method for eliminating redundant connections is illustrated in the flow chart of FIG. 11a. According to step 320, we first form trial connections between X_i and Y_j, as shown in FIG. 6. Next, we check whether X_i is directly connected to Y_j (step 321). If there is no direct connection, we check whether this is the last port on X (step 322) and either increment to the next port on X (step 323) or, if this is the last port on X, we increment to the next device (step 324). If we find that X_i is directly connected to Y_j, we then
check whether X_i is transitively connected to Y_j (step 325). If the answer is "yes," we remove the direct connection between X_i and Y_j (step 326). In traversing from node to node to reach the desired port, the system can set a "flag" at each node visited since revisiting a node serves no purpose.

The process of eliminating direct connections where transitive connections exist is illustrated in the simplest possible case in FIGS. 6-7a, i.e., three data-relay devices. It should be pointed out that the same technique is applicable to an arbitrarily complex network of bridges, hubs and end-point devices (within the limitations imposed on bridges and hubs, i.e., no loops may exist). This is true because alternate paths involving more than three data-relay devices may consist of a combination of direct and transitive connections and may include branching as well. In FIG. 11b, transitive connections (1 to 2 and 2 to 3) eliminate direct connection (1 to 4). Similarly, direct connection (2 to 4) is eliminated as well. In FIG. 11c, a three port data-relay device allows for branching in the network; however, the elimination of redundant direct connections (5 to 7, 7 to 8 and 5 to 8 as shown) proceeds exactly as described for three data-relay devices. In real networks, data-relay devices having more than two ports, and network segments consisting of more than three devices are more the rule than the exception.

The topology of FIG. 7 can be further defined to include the node devices in each network segment. Each node device belongs to a segment if its address appears in the intersection of the port sets X_i of each data-relay port which is directly connected to the segment. For example, as shown in FIG. 8, node devices h and i appear in the address tables for each of ports C2 and B1 and, therefore, nodes h and i should be included as part of the connection 22 between devices A and C. FIG. 7b shows a topology further including the node devices.

In the preferred embodiment described herein, the method and apparatus for determining network topology form a part of a network management system, or provide network topology information to a network management system, such as that described in co-pending and commonly assigned U.S. application Ser. No. 07/583,509, filed Sep. 17, 1990, entitled, NETWORK MANAGEMENT SYSTEM USING MODEL BASED INTELLIGENCE, by R. Dev et al., which issued as U.S. Pat. No. 5,504,921 on Apr. 2, 1996. A corresponding application was also filed as PCT/US91/06725 on Sep. 17, 1991 and published as Int'l Publ. No. WO92/05485 on Apr. 2, 1992; that application is hereby incorporated by reference in its entirety. However, the present invention may also be used in combination with other network management systems, or in any application where it is desired to obtain the network topology.

In accordance with the network management system of the previously identified application, which is incorporated by reference, FIG. 12 shows a block diagram of the system. The major components of the network management system are a user interface 410, a virtual network machine 412, and a device communication manager 414. The user interface 410, which may include a video display screen, keyboard, mouse and printer, provides all interaction with the user. The user interface controls the screen, keyboard, mouse and printer and provides the user with different views of the network that is being managed. The user interface receives network information from the virtual network machine 412. The virtual network machine 412 contains a software representation of the network being managed, including models that represent the devices and other entities associated with the network, and relations between the models. The virtual network machine 412 is associated with a database manager 416 which manages the storage and retrieval of disk-based data. Such data includes configuration data, an event log, statistics, history and current state information. The device communication manager 414 is connected to a network 418 and handles communication between the virtual network machine 412 and network devices. The data received from the network devices is provided by the device communication manager to the virtual network machine 412. The device communication manager 414 converts generic requests from the virtual network machine 412 to the required network management protocol for communicating with each network device. Existing network management protocols include Simple Network Management Protocol (SNMP), Internet Control Message Protocol (ICMP) and many proprietary network management protocols. Certain types of network devices are designed to communicate with a network management system using one of these protocols.

A view personality module 420 connected to the user interface 410 contains a collection of data modules which permit the user interface to provide different views of the network. A device personality module 422 connected to the virtual network machine 412 contains a collection of data modules which permit devices and other network entities to be configured and managed with the network management system. A protocol personality module 424 connected to the device communication manager contains a collection of data modules which permit communication with all devices that communicate using the network management protocols specified by the module 424. The personality modules 420, 422 and 424 provide a system that is highly flexible and user configurable. By altering the personality module 420, the user can specify customized views or displays. By changing the device personality module 422, the user can add new types of network devices to the system. Similarly, by changing the protocol personality module 424, the network management system can operate with new or different network management protocols. The personality modules permit the system to be reconfigured and customized without changing the basic control code of the system.

The hardware for supporting the system of FIG. 12 is typically a workstation such as a Sun Model 3 or 4, or a 386 PC compatible computer running Unix. A minimum of 8 megabytes of memory is required with a display device which supports a minimum of 640x680 pixels x 256 color resolution. The basic software includes a Unix release that supports sockets, X-windows and Open Software Foundation Motif 1.0. The network management system is implemented using the C++ programming language, but could be implemented in other object-oriented languages such as Eiffel, Smalltalk, ADA, or the like. The virtual network machine 412 and the device communication manager 414 may be run on a separate computer from the user interface 410 for increased operating speed.

An example of a network connected to this management system is shown in FIG. 13. The network includes workstations 430, 431, 432, 433 and disk units 434 and 435 interconnected by a data bus 436. Workstations 430 and 431 and disk unit 434 are located in a room 438, and workstations 432 and 433 and disk unit 435 are located in a room 440. The rooms 438 and 440 are located within a building 442. Network devices 444, 445 and 446 are interconnected by a data bus 447 and are located in a building 448 at the same site as building 442. The network portions in buildings 442 and 448 are interconnected by a bridge 450. A building 452 remotely located (in a different city, state or country)
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from buildings 442 and 448, contains network devices 453, 
454, 455 and 456 interconnected by a data bus 457. The 
network devices in building 452 are interconnected to the 
network in building 448 by interface devices 459 and 460, 
which may communicate by a packet switching system, a s 
microwave link or a satellite link. The network management 
system shown in FIG. 12 and described above is connected 
to the network of FIG. 13 at any convenient point, such as 
data bus 436. 

In general the network management system shown in 10 
FIG. 12 performs two major operations during normal 
operation. It services user requests entered by the user at 
user interface 410 and provides network information such as 
alarms and events to user interface 410. In addition, the 
virtual network machine 412 polls the network to obtain 15 
information for updating the network models as described 
hereinafter. In some cases, the network devices send status 
information to the network management system automati- 
cally without polling. In either case, the information 
received from the network is processed so that the topology, 20 
operational status, faults and other information pertaining to 
the network are presented to the user in a systematized and 
organized manner. 

Each model includes a number a attributes and one or 
more inference handlers. The attributes are data which 25 
define the characteristics and status of the network entity 
being modeled. Basic attributes include a model name, a 
model type name, a model type handle, a polling interval, a 
next-time-to-poll, a retry count, a contact status, an activa- 
tion status, a time-of -last-poll and statistics pertaining to the 30 
network entity which is being modeled. Polling of network 
devices will be described hereinafter. In addition, attributes 
that are unique to a particular type of network device can be 
defined. For example, a network bridge will contain an 
address source table that defines the devices that are heard 35 
on each port of the bridge. A model of the network bridge 
can contain, as one of its attributes, a copy of the table. 

The models used in the virtual network machine also 
include one or more inference handlers. An inference han- 
dler is a C++ object which performs a specified computation, 
decision, action or inference. The inference handlers collec- 
tively constitute the intelligence of the model. An individual 
inference handler is defined by the type of processing 
performed, the source or sources of the stimulus and the 
destination of the result. The result is an output of an 
inference handler and may include attribute changes, cre- 
ation or destruction of models, alarms or any other valid 
output. The operation of the inference handler is initiated by 
a trigger, which is an event occurring in the virtual network 
machine. Triggers include attribute changes in the same 
model, attribute changes in another model, relation changes, 
events, model creation or destruction, and the like. Thus, 
each model includes inference handlers which perform 
specified functions upon the occurrence of predetermined 
events which trigger the inference handlers. The inference 
handlers may process the source address lists according to 
the methods of this invention (FIGS. 9-11). 

A schematic diagram of a simple model configuration is 
shown in FIG. 14 to illustrate the concepts of this manage- 
ment system. A device model 480 includes attributes 1 to x 
and inference handlers 1 to y. A device model 482 includes 
attributes 1 to u and inference handlers 1 to v. A connect 
relation 484 indicates that models 480 and 482 are con- 
nected in the physical network. A room model 486 includes 
attributes 1 to m and inference handlers 1 to n. A relation 488 
indicates that model 480 is contained within room model 
486, and a relation 490 indicates that model 482 is contained 
within room model 486. Each of the models and the model 
relations shown in FIG. 14 is implemented as a C++ object. 
It will be understood that a representation of an actual 
network would be much more complex than the configura- 
tion shown in FIG. 14. 

As discussed above, the collection of models and model 
relations in the virtual network machine form a representa- 
tion of the physical network being managed. The models 
represent not only the configuration of the network, but also 
represent its status on a dynamic basis. The status of the 
network and other information and data relating to the 
network is obtained by the models in a number of different 
ways. A primary technique for obtaining information from 
the network involves polling. At specified intervals, a model 
in the virtual network machine 412 requests the device 
communication manager 414 to poll the network device 
which corresponds to the model. The device communication 
manager 414 converts the request to the necessary protocol 
for communicating with the network device. The network 
device returns the requested information to the device com- 
munication manager 414, which extracts the device infor- 
mation and forwards it to the virtual network machine 412 
for updating one or more attributes in the model of the 
network device. The polling interval is specified individu- 
ally for each model and corresponding network device, 
depending on the importance of the attribute, the frequency 
with which it is likely to change, and the like. The polling 
interval, in general, is a compromise between a desire that 
the models accurately reflect the present status of the net- 
work device and a desire to minimize network management 
traffic which could adversely impact normal network opera- 
tion. 

According to another technique for updating the informa- 
tion contained in the models, the network devices automati- 
cally transmit information to the network management sys- 
tem upon the occurrence of significant events without 
polling. This requires that the network devices be pre- 

It will be understood that communication between a 
model and its corresponding network entity is possible only 
for certain types of devices such as bridges, card racks, hubs, 
etc. In other cases, the network entity being modeled is not 
capable of communicating its status to the network man- 
agement system. For example, models of buildings or rooms 
containing network devices and models of cables cannot 
communicate with the corresponding network entities. In 
this case, the status of the network entity is inferred by the 
model from information contained in models of other net- 
work devices. Since successful polling of a network device 
connected to a cable may indicate that the cable is function- 
ing properly, the status of the cable can be inferred from 
information contained in a model of the attached network 
device. Similarly, the operational status of a room can be 
inferred from the operational status contained in models of 
the network devices located within the room. In order for a 
model to make such inferences, it is necessary for the model 
to obtain information from related models. In a function 
called a model watch, an attribute in one model is monitored 
or watched by one or more other models. A change in the 
watched attribute may trigger inference handlers in the 
watching models. 

There are several methods to acquire a list of the data- 
relay devices in the network. One method is to make a 
manual data entry. Another is to conduct a "ping sweep" in 
which requests are sent blindly to a range of addresses, and 
the active devices respond with a reply. Another is to read 
system tables, such as the network name servers. Another is 
to read the address translation tables; and still another is to 
read the tables from known network devices. The above 
techniques are most useful for determining the presence of 
some network node at a given address; identification of the 
node as a data-relay device is then accomplished via the 
management protocol. In many cases, it will be necessary to 
translate the "management layer address" to a network 
address; the source address tables will typically utilize 
management level addresses, whereas the management pro- 
tocol usually operates via network layer addresses. 

While there have been shown and described select 
embodiments of the present invention, it will be obvious to 
those skilled in the art that various changes and modifica- 
tions may be made therein without departing from the scope 
of the invention as defined by the appended claims. 

What is claimed is: 

1. A method of determining a topology of a computer 
network including node devices and data-relay devices 
coupled to one another by a multi-drop line, each data-relay 
device having at least one port, the method including the 
steps of: 

acquiring a list of the data-relay devices in the computer 
network; 

acquiring a source address table for each at least one port 
of each data-relay device in the list, the source address 
table being a compilation of source addresses of pack- 
ets received from respective node devices and source 
addresses of management response packets received 
from other respective data-relay devices on the respec- 
tive at least one port of the respective data-relay device; 

selecting a unique ordered pair of different data-relay 
devices X and Y; 

(a) selecting a pair of ports Xi and Yj on the selected 
different data-relay devices X and Y, respectively, 
where i represents a specific port of device X and j 
represents a specific port of device Y; 

(b) determining whether the source address table of 
port Xi includes an entry for device Y and whether 
the source address table of port Yj includes an entry 
for device X, and when the answer to both is 
affirmative, establishing a connection between ports 
Xi and Yj in the topology; and 

(c) repeating the above selecting and determining steps 
(a) and (b) for each different pair of ports of the 
data-relay devices X and Y; 

(d) for each pair of ports Xi and Yj wherein the source 
address table of port Yj does not include an entry for 
device X, determining whether there is some inter- 
section of the entries of the source address tables for 
port Yr and port Xq, where r is not equal to j, and q 
is not equal to i, and when the answer is affirmative, 
establishing a connection between port Xi and port 
Yr in the topology; and 

(e) repeating the second determining step (d) for each 
pair of ports Xi and Yj for which the source address 
table of port Yj does not include an entry for device 
X; 

(f) repeating the above selecting and determining steps 
(a)-(e) for each unique ordered pair of different 
data-relay devices X and Y in the network; and 

(g) generating a display of the established connections 
between the data-relay devices to show the network 
topology. 

2. The method of claim 1, further including: 
removing direct connections between Xi and Yj from the 
network topology display when there is a transitive 
connection between Xi and Yj. 

3. The method of any one of claims 1 and 2, wherein the 
data-relay devices send directed transmissions. 

4. The method of any one of claims 1 and 2, wherein the 
network includes a network management system which 
communicates with the data-relay devices. 

5. The method of claim 4, wherein the network manage- 
ment system has a virtual network of models representing 
node devices and data-relay devices, and wherein the models 
have means for comparing the source address tables to 
determine whether there is some intersection. 

6. The method of claim 4, wherein the data-relay devices 
transmit directed responses to management requests only on 
the port where a management request was received. 

7. The method of any one of claims 1 and 2, wherein the 
network topology is provided to a user by a display unit 
connected to the network. 

8. The method of any one of claims 1 and 2, wherein the 
display includes connections between the data-relay devices 
and the node devices. 

9. The method of claim 3, wherein the network topology 
is used by the network management system for one or more 
of controlling traffic on the network, optimizing network 
resources, security, and isolation of network faults. 

10. The method of claim 1, wherein the data-relay devices 
include bridges, repeaters, and hubs. 

11. The method of claim 1, wherein the node devices 
transmit packets which include the source address of the 
transmitting node device. 

12. The method of claim 1, wherein the data-relay devices 
are logically connected in a spanning tree. 

13. The method of claim 1, wherein the data-relay devices 
include three-port data-relay devices which provide branch 
connections. 

14. A system for determining a topology of a computer 
network having node devices and data-relay devices 
coupled to one another by a multi-drop line, means for 
storing a source address table for an associated port of each 
data-relay device, the source address table being a compi- 
lation of source addresses of packets received from respec- 
tive node devices and source addresses of management 
response packets received from other respective data-relay 
devices on the associated port, the system including: 
means for processing the addresses in the source address 
tables of different pairs of ports of different data-relay 
devices to determine whether there is a connection 
between the respective ports, the processing means 
comprising: 

means for selecting a unique ordered pair of different 
data-relay devices X and Y; 

(a) means for selecting a pair of ports Xi and Yj on 
the selected different data-relay devices X and Y, 
respectively, where i represents a specific port of 
device X and j represents a specific port of device 
Y; 

(b) means for determining whether the source 
address table of port Xi includes an entry for 
device Y and whether the source address table of 
port Yj includes an entry for device X, and when 
the answer to both is affirmative, establishing a 
connection between ports Xi and Yj in the topol- 
ogy; 

(c) means for repeating operation of the above select- 
ing and determining means (a) and (b) for each 
different pair of ports of the data-relay devices X 
and Y; 

(d) for each pair of ports Xi and Yj wherein the 
source address table of port Yj does not include an 
entry for device X, means for determining whether 
for all q not equal to i, there is some intersection 
of the entries of the source address tables for port 
Xq and port Yr, for all r not equal to j, and when 
the answer is affirmative, establishing a connec- 
tion between port Xi and port Yr in the topology; 

(e) means for repeating operation of the second 
determining means (d) for each pair of ports Xi 
and Yj for which the source address table of port 
Yj does not include an entry for device X; 

(f) means for repeating operation of the above select- 
ing and determining means (a)-(e) for each unique 
ordered pair of different data-relay devices X and 
Y in the network; and 

(g) means for generating a display of the established 
connections between the data-relay devices to 
show the network topology. 

15. The system of claim 14, further including means for 
removing direct connections between Xi and Yj from the 
network topology display when there is a transitive connec- 
tion between Xi and Yj. 

16. The system of any one of claims 14 and 15, wherein 
the data-relay devices have means for sending directed 
transmissions. 

17. The system of any one of claims 14 and 15, wherein 
the network includes a network management system which 
communicates with the data-relay devices. 

18. The system of any one of claims 14 and 15, further 
including a display unit connected to the network wherein 
the network topology is provided to a user. 

19. The system of any one of claims 14 and 15, wherein 
the display includes connections between the data-relay 
devices and the node devices. 

20. The system of claim 17, wherein the network man- 
agement system has a virtual network of models represent- 
ing node devices and data-relay devices, and wherein the 
models have means for comparing the source address tables 
to determine whether there is some intersection. 

21. The system of claim 17, wherein the network topology 
is used by the network management system for one or more 
of controlling traffic on the network, optimizing network 
resources, security, and isolation of network faults. 

22. The system of claim 17, wherein the data-relay 
devices transmit directed responses to management requests 
only on the port where a management request was received. 

23. The system of claim 14, wherein the data-relay 
devices include bridges, repeaters, and hubs. 

24. The system of claim 14, wherein the node devices 
transmit packets which include the source address of the 
transmitting node device. 

25. The system of claim 14, wherein the data-relay 
devices are logically connected in a spanning tree. 

26. The system of claim 14, wherein the data-relay 
devices include three-port data-relay devices which provide 
branch connections. 

27. A method of determining a topology of a computer 
network including node devices and data-relay devices 
coupled to one another by a multi-drop line, each data-relay 
device having at least one port, each at least one port having 
associated with it a source address table including source 
addresses of packets received from respective node devices 
and source addresses of management response packets 
received from other respective data-relay devices on the 
respective port, the method comprising steps of: 

acquiring a list of data-relay devices; 
selecting a unique ordered pair of data-relay devices X, Y 
from the list; 

for the selected pair of data-relay devices: 

(a) for each at least one port on device X: 

(b) determining whether the source address table for 
port Xi includes an entry for device Y; and 

(c) when the source address table for port Xi includes 
an entry for device Y, for each port Yj on device Y: 

(d) determining whether the source address table for 
port Yj includes an entry for device X, establishing 
a connection between ports Xi and Yj; and 

(e) when the source address table for port Yj includes 
an entry for device X, establishing a connection 
between ports Xi and Yj; and 

(f) when no port Yj on device Y has a source address 
table with an entry for device X, determining 
whether any source address table of any port Yr other 
than port Yj intersects with any source address table 
of any port of device X other than port Xi, and when 
there is an intersection found, establishing a connec- 
tion between port Xi and port Yr; and 

repeating steps (a)-(f) for each unique ordered pair of 
data-relay devices X, Y; and 

(g) generating a display of the established connections 
between the data-relay devices to show the network 
topology. 

28. A method of determining a topology of a computer 
network including node devices and data-relay devices 
coupled to one another by a multi-drop line, each data-relay 
device having at least one port, each at least one port having 
associated with it a source address table including source 
addresses of packets received from respective node devices 
and source addresses of management response packets 
received from other respective data-relay devices on the 
respective port, the method comprising the steps of: 

selecting a unique ordered pair of first and second data- 
relay devices; 

for the selected pair of first and second data-relay devices: 

(a) for each respective port on the first data-relay 
device: 

(b) determining whether the source address table for the 
respective port on the first data-relay device includes 
an entry for the second data-relay device; and 

(c) when the source address table for the respective port 
on the first data-relay device includes an entry for the 
second data-relay device, determining, for each 
respective port on the second data-relay device, 
whether the source address table for the respective 
port on the second data-relay device includes an 
entry for the first data-relay device and when the 
source address table for the respective port on the 
second data-relay device includes an entry for the 
first data-relay device, establishing a connection 
between the respective port of the first data-relay 
device and the respective port of the second data- 
relay device; 

(d) when the respective port on the first data-relay 
device includes an entry for the second data-relay 
device and no port on the second data-relay device 
has a source address table with an entry for the first 
data-relay device, determining whether any source 
address table entries of any of the ports on the second 
data-relay device intersect with any source address 
table entries of any of the ports on the first data-relay 
device except for the respective port on the first 
data-relay device; and when such an intersection is 
found, establishing a connection between the respec- 
tive port on the second data-relay device and the port 
on the first data-relay device which has an entry for 
the second data-relay device in its source address 
table; and 
repeating steps (a)-(d) for each unique ordered pair of 
first and second data-relay devices; and 
generating a display of the established connections 
between the data-relay devices to show the network 
topology. 

29. A method of determining a topology of a computer 
network including node devices and data-relay devices 
coupled to one another by a multi-drop line, each data-relay 
device having at least one port, each at least one port having 
associated with it a source address table including source 
addresses of packets received from respective node devices 
and source addresses of management response packets 
received from other respective data-relay devices on the 
respective port, the method comprising the steps of: 

selecting a unique ordered pair of first and second data- 
relay devices; 

for the selected pair of first and second data-relay devices: 

(a) determining whether the source address table for a 
respective port of the first data-relay device includes 
an entry for the second data-relay device; 

(b) when the source address table for the respective port 
of the first data-relay device includes an entry for the 
second data-relay device: 

(c) determining whether the source address table for a 
respective port of the second data-relay device 
includes an entry for the first data-relay device and, 
if so, establishing a connection between the respec- 
tive port of the second data-relay device and the 
respective port of the first data-relay device; 

(d) repeating step (c) for each port on the second 
data-relay device; 

(e) when no source address table in the second data- 
relay device has been determined to include an entry 
for the first data-relay device: 

(f) determining whether the source address table for a 
respective port of the second data-relay device inter- 
sects with a source address table for any port on the 
first data-relay device except for the respective port 
of the first data-relay device determined in step (a) 
and, if so, establishing a connection between the 
respective port of the second data-relay device and 
the respective port of the first data-relay device 
which has an entry for the second data-relay device 
in its source address table as determined in step (a); 
and 

(g) repeating step (f) for each port on the second 
data-relay device; 

(h) repeating steps (a)-(g) for each port on the first 
data-relay device; and 

repeating steps for each unique ordered pair of 
first and second data-relay devices; and 
generating a display of the established connection 
between the data-relay devices to show the network 
topology. 
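
The port-pair comparison recited in claim 29, steps (a) through (h), is shown below as an added example; it is not code from the patent. The device names, port numbers and table contents are constructed, and the function names infer_links and format_links are hypothetical.

```python
from itertools import permutations

# Constructed sample: bridges A-B-C in a chain. Management station M and node
# n1 sit behind A port 1; node n2 sits behind C port 2. Each bridge answers M
# with directed responses, so no bridge hears a bridge lying between it and M.
SAMPLE_TABLES = {
    "A": {1: {"n1", "M"}, 2: {"B", "C", "n2"}},
    "B": {1: {"n1", "M"}, 2: {"C", "n2"}},
    "C": {1: {"n1", "M"}, 2: {"n2"}},
}


def infer_links(tables):
    """tables maps device -> {port: set of source addresses heard on it}.

    Returns a set of links, each a frozenset of two (device, port) tuples.
    """
    links = set()
    for x, y in permutations(tables, 2):      # each ordered pair (X, Y)
        for i, heard_on_xi in tables[x].items():
            if y not in heard_on_xi:          # step (a): port Xi never heard Y
                continue
            # Steps (c)-(d): every port Yj that heard X connects to Xi.
            mutual = [j for j, heard in tables[y].items() if x in heard]
            for j in mutual:
                links.add(frozenset({(x, i), (y, j)}))
            if mutual:
                continue
            # Steps (e)-(g): no port of Y heard X. Compare each port Yr with
            # the addresses heard on the ports of X other than Xi; an empty
            # intersection eliminates Yr, a non-empty one links Yr to Xi.
            others = set().union(*(h for q, h in tables[x].items() if q != i))
            for r, heard_on_yr in tables[y].items():
                if heard_on_yr & others:
                    links.add(frozenset({(x, i), (y, r)}))
    return links


def format_links(links):
    """Render links as sorted 'A.2 <-> B.1' strings for display."""
    pairs = (sorted(link) for link in links)
    return sorted("{}.{} <-> {}.{}".format(*a, *b) for a, b in pairs)


if __name__ == "__main__":
    # The A.2 <-> C.1 link is a direct connection that coexists with the
    # transitive A-B-C path, the case claim 2 removes from the display.
    for line in format_links(infer_links(SAMPLE_TABLES)):
        print(line)
```

The inference is only as reliable as the source address tables: a stale or forged entry yields a phantom link, so results should be compared across polls before they are relied on.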
